GLSA-200503-27 : Xzabite dyndnsupdate: Multiple vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200503-27
(Xzabite dyndnsupdate: Multiple vulnerabilities)

Toby Dickenson discovered that dyndnsupdate suffers from multiple
overflows.

Impact :

A remote attacker, posing as a dyndns.org server, could execute
arbitrary code with the rights of the user running dyndnsupdate.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200503-27.xml

Solution :

Currently, there is no released version of dyndnsupdate that contains a
fix for these issues. The original xzabite.org distribution site is
dead, the code contains several other problems and more secure
alternatives exist, such as the net-dns/ddclient package. Therefore,
the dyndnsupdate package has been hard-masked prior to complete removal
from Portage, and current users are advised to unmerge the package:
# emerge --unmerge net-misc/dyndnsupdate

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 17588 (gentoo_GLSA-200503-27.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0830